CloudTrail has the logging disabled

ID

aws_cloudtrail_logging_disabled

Severity

low

Vendor

AWS

Resource

Logging

Tags

non-reachable

Description

CloudTrail logging is disabled for this trail, so the records of all access and all events are not being stored, and there is no audit record of API activity in the account.

To fix it, set enable_logging to true. This is the module's default value, so omitting the parameter also keeps logging enabled; only an explicit false disables it.

Learn more about this topic at AWS CloudTrail.

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: create cloudtrail
      amazon.aws.cloudtrail:
        state: present
        name: default
        s3_bucket_name: mylogbucket
        s3_key_prefix: cloudtrail
        region: us-east-1
        enable_logging: false

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: create cloudtrail
      amazon.aws.cloudtrail:
        state: present
        name: default
        s3_bucket_name: mylogbucket
        s3_key_prefix: cloudtrail
        region: us-east-1
        enable_logging: true
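A small static check that implements this rule over Ansible playbooks, added here as an example (it is not the scanner's own code nor part of the amazon.aws collection). It assumes the module is invoked as amazon.aws.cloudtrail or by the legacy short name cloudtrail, treats an omitted enable_logging as true (the default), ignores tasks with state: absent, recognises the string forms of false that Ansible's boolean conversion accepts, and walks into block/rescue/always. PyYAML is needed only to parse playbook text; the sample playbooks are constructed from the two examples above.

```python
"""Scan Ansible playbooks for CloudTrail tasks that set enable_logging to false.
Added example for the aws_cloudtrail_logging_disabled rule, not the scanner's own code."""

try:
    import yaml  # PyYAML, the parser Ansible uses for playbooks
except ImportError:  # the structural check still works without it
    yaml = None

YAML_AVAILABLE = yaml is not None

# Module names checked (assumption: the rule page's fully qualified name plus the legacy short name).
CLOUDTRAIL_MODULES = ("amazon.aws.cloudtrail", "cloudtrail")

# String values Ansible's boolean conversion treats as false (case-insensitive).
FALSE_STRINGS = {"false", "f", "no", "n", "off", "0"}


def is_false(value):
    """True only when the value unambiguously means false.
    Jinja expressions like "{{ trail_logging }}" cannot be resolved statically and are left alone."""
    if isinstance(value, bool):
        return value is False
    if isinstance(value, (int, float)):
        return value == 0
    if isinstance(value, str):
        return value.strip().lower() in FALSE_STRINGS
    return False


def iter_tasks(tasks, path):
    """Yield (location, task) for every task, descending into block/rescue/always."""
    for index, task in enumerate(tasks or []):
        if not isinstance(task, dict):
            continue
        here = f"{path}[{index}]"
        yield here, task
        for key in ("block", "rescue", "always"):
            if key in task:
                yield from iter_tasks(task[key], f"{here}.{key}")


def find_cloudtrail_logging_disabled(plays):
    """One finding per CloudTrail task with enable_logging explicitly false.
    Omitted enable_logging is not reported (module default is true); state: absent is skipped."""
    findings = []
    if not isinstance(plays, list):
        return findings
    for play_index, play in enumerate(plays):
        if not isinstance(play, dict):
            continue
        for section in ("pre_tasks", "tasks", "post_tasks", "handlers"):
            for location, task in iter_tasks(play.get(section), f"plays[{play_index}].{section}"):
                for module in CLOUDTRAIL_MODULES:
                    args = task.get(module)
                    if not isinstance(args, dict) or args.get("state") == "absent":
                        continue
                    if is_false(args.get("enable_logging", True)):
                        findings.append({
                            "rule": "aws_cloudtrail_logging_disabled",
                            "location": location,
                            "task": task.get("name", "<unnamed>"),
                            "trail": args.get("name"),
                        })
    return findings


def scan_playbook_text(text):
    """Parse playbook YAML and run the check (requires PyYAML)."""
    if yaml is None:
        raise RuntimeError("PyYAML is required to parse playbook text")
    return find_cloudtrail_logging_disabled(yaml.safe_load(text))


# Constructed sample: the rule page's failing playbook plus a second task, inside a block,
# that disables logging through the legacy module name and a string value.
VULNERABLE_PLAYBOOK = """\
---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: create cloudtrail
      amazon.aws.cloudtrail:
        state: present
        name: default
        s3_bucket_name: mylogbucket
        s3_key_prefix: cloudtrail
        region: us-east-1
        enable_logging: false
    - block:
        - name: legacy module name, string false
          cloudtrail:
            state: present
            name: audit
            s3_bucket_name: mylogbucket
            enable_logging: "no"
"""

# Constructed sample: the rule page's fixed playbook.
FIXED_PLAYBOOK = """\
---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: create cloudtrail
      amazon.aws.cloudtrail:
        state: present
        name: default
        s3_bucket_name: mylogbucket
        s3_key_prefix: cloudtrail
        region: us-east-1
        enable_logging: true
"""

if __name__ == "__main__":
    for label, text in (("vulnerable", VULNERABLE_PLAYBOOK), ("fixed", FIXED_PLAYBOOK)):
        for finding in scan_playbook_text(text):
            print(f"{label}: {finding['rule']} at {finding['location']} (trail {finding['trail']})")
```

Running the module reports two findings for the vulnerable playbook (trails "default" and "audit") and none for the fixed one. A value that is a Jinja expression is deliberately not reported, because a static scanner cannot know what it resolves to; that is the same reason the rule carries the non-reachable tag, since the real state of the trail can only be confirmed against the account.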